
thunderbird gmail notice


 

Hi all.

Please forward this out to anyone that uses thunderbird.

Note it may affect other clients.

Google seems to have quietly changed their security policy regarding logins.

In short google will no longer accept normal passwords.

It was fine a little while ago, now it ain't.

To fix, you need to go to tools, alt t and navigate to accounts and hit enter.

Select your account which will be your email address or the name you called it.

Next scroll down the tree view to server settings and tab all the way to authentication.

Next in the box talking about authentication press end or hit the down arrow till you hear o auth2 or till you can't go any lower.

Hit ok.

It appears that google no longer allows normal unencrypted passwords to be sent to its server.

That is a good thing.

However unless I have been living in a dungeon they never told us about it.

So if you use a normal password you will get a message saying "username and account not accepted."

This message is not helpful at the least.

The first thing I did was look at the password and check security events.

There were a few I had to confirm but they were not my issue.

I then deleted and recreated the account then renamed the account.

I then tried all the encryption methods to see what it was and then well it worked.

On the plus side the fully encrypted logins seem to work much faster than they used to.

It appears that outlook is not affected.

I really wish google gave me a better error message, i.e. to the effect I needed to visit their site then when I logged in explain they had changed things but no, too much to ask for during a lockdown.


On the google point, how do I remove access to apps, I can see removal buttons but can't click them.

Shaun


Luke Davis
 

For what it's worth, my old alpine text based client in Linux is still accessing gmail just fine with the same old IMAP over SSL I've always used.

Every once in a while, they make me log in to their site and re-enable the old/less secure apps setting, but they haven't done so in at least six months.

Luke


 

Well that setting seems no more.

It's still working in my dad's outlook but I can't seem to find how to switch the security protocols.

Google seems to have started getting rid of all less secure access on their accounts and seem to slowly be rolling out killing apps that are not secured.

Sadly outlook seems to be one of these apps, for what it's worth it's still working here but who knows what happens if I need to reload the account or it suddenly stops.


Gene
 

I don't know what the problem is but it isn't what you think. I saw a message on another list from someone saying they must manually enter their password every time they log in. However, I entered it once, closed Windows Live Mail, opened it again and told it to download mail. I was able to download mail without having to log in. The perverse behavior described by different people means that a Google problem is likely occurring and that waiting and manually logging in in the meantime, if necessary, may be the way to deal with the problem. We may see news accounts of the problem later in the day as it may be widespread.

Gene



 

OAUTH2 has been in use for several years now, and not only by Google.   It is what makes a given application no longer a "less secure app."

I can't imagine how you weren't prompted long ago to use OAUTH authentication except if you had the "less secure apps" option turned ON in your Google Account.

What's described certainly does not qualify as "new news" in any way, shape or form.  I do know that at one point, and I can't remember when, I got a notice from Google telling me that they were going to turn "less secure apps" off in all accounts unless the user went in and did something intentional to leave the setting in place.  I was using that setting at the time, which was just before Thunderbird and one other e-mail client I used to play with were updated to use modern authentication standards.

--

Brian - Windows 10 Pro, 64-Bit, Version 1909, Build 18363  

Science has become just another voice in the room; it has lost its platform.  Now, you simply declare your own truth.

      ~ Dr. Paul A. Offit, in New York Times article, How Anti-Vaccine Sentiment Took Hold in the United States, September 23, 2019

 

 


 

On Mon, May 4, 2020 at 06:58 AM, Shaun Everiss wrote:
On the google point, how do I remove access to apps, I can see removal buttons but can't click them.
I can't explain what's going on for you here.  Once I activate an app in the list that has access, and it expands to show the "Remove Access" button a single TAB lands me on said button.  I have nothing I want to remove, but focus under NVDA is on that button like it is for any other and I have no reason to believe that if I hit space bar or enter that it would not activate.

The page I'm on when I get the list of apps with permissions to my account is:  https://myaccount.google.com/permissions
 
--

Brian - Windows 10 Pro, 64-Bit, Version 1909, Build 18363  


 

 


 

I had less secure settings on, you are right about that.

I simply was not aware that thunderbird was one of those.

My assumption was simply that google was thinking that the only secure apps were google apps.

It appears that google is rolling out the change everywhere.

At least now we know any modern app using the right protocols will be fine.

And at least most newer phones and anything using google service will support it.

Thunderbird may have had the option but I have never been prompted and have never bothered looking for something that up till now has continued to run flawlessly.

Up to now a secure app has always been windows mail, apple mail, and google's own apps like chrome.

I simply assumed that google was trying to cosy up to its own tech and never thought that maybe it wasn't and that apps would support these standards.

If I had known, I would have switched ages ago.

For one thing, I am getting mail coming in at least a minute faster.

Google seems to be updating this on its enterprise G Suite blog but not to general users and I had to look for the information.

It's new news to me but then as I said I haven't needed to change my login methods since 1995.

The last time I did this was for ssl in 2005 or thereabouts and that was it.

It's nice to see completely secured things going on.

But for the users on outlook 2016 and earlier unless I load 2factor on everything meaning every app and task I have has a specific password for it, I will have to upgrade outlook and office to 2019 so it works.

Potentially anyway.

Outlook still works for now but I have no idea about how google's rollout is supposed to work for consumers so there could be a failure any time now.




 

 


Hareth
 

I don't know what's going on with some people setting gmail with thunderbird.
But thunderbird, for a while now, has the prompt from google to allow
its access. And definitely it's a secured app in google's list of
those.
I've been using Thunderbird for a long time now, and just set it up on
a new laptop and I added my gmail without any problem, just put the
credentials and next the prompt from google to allow thunderbird to
access it, that's all.
BTW I Have google's "Allow less secure apps: set to OFF"
TC
